.conf sorting rewrites ssl configuration #491

Open
asgrdeu opened this issue Feb 4, 2025 · 2 comments
asgrdeu commented Feb 4, 2025

Environment

Include the result of the following commands:

  • nginx -V
  • uname -a

Description

Bug with sorting and SSL configuration; details below.

  • [Yes] The bug is reproducible with the latest version of nginx
  • [Yes] The nginx configuration is minimized to the smallest possible
    to reproduce the issue and doesn't contain third-party modules

nginx configuration

We have conf 1

cat /etc/nginx/sites-available/as.com
 
server {
	listen 80;
	server_name example.com;
	
	access_log /access.log;
	error_log /error.log;

	return 301 https://$server_name$request_uri;
}

server {
	listen 443 ssl;
	server_name example.com;

	root /;
	index index.html;

	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;
	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_stapling on;
	ssl_stapling_verify on;
	add_header Strict-Transport-Security "max-age=31536000" always;
	
	location / {
		try_files $uri $uri/ /index.html;
	}

	access_log /access.log;
	error_log /error.log;
}

And we have conf 2

cat /etc/nginx/sites-available/ar.com
 
server {
	listen 80;
	server_name sub.example.com;
	
	access_log /access-80.log;
	error_log /error-80.log;

	return 301 https://$server_name$request_uri;
}

server {
	listen 443 ssl;
	server_name sub.example.com;

	root /;
	index index.html;

	location / {
		try_files $uri $uri/ /index.html;
	}

	access_log /access-443.log;
	error_log /error-443.log;
}

When we try nginx -t, we get this bug for ar.com:

(nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/ar.com:11)

This is a problem with conf sorting: ar.com comes first and as.com after it, and that rewrites the global ssl config.

@asgrdeu asgrdeu added the bug label Feb 4, 2025
@HanadaLee

I don't understand the problem you mentioned. Isn't it expected that the example configuration you gave would result in no "ssl_certificate" is defined for the "listen ... ssl" directive?


asgrdeu commented Feb 5, 2025

That's not true if it's a subdomain, which needs to take SSL automatically from the upper one.
Or do we need to make sure ourselves that the file names for domains will be sorted successfully?
If that's true, then it's not the most obvious mechanism, and no error is reported about this.
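
Added example, not part of the issue thread or of nginx itself: nginx takes ssl_certificate from the server block or from the enclosing http level, not from a sibling server block in another file, so include order does not change which listeners lack a certificate. The Python check below reports every "listen ... ssl" server with no certificate in scope; the function name is hypothetical and the sample configs are constructed by reducing the two files in the report.

```python
import re

# Tokens: quoted strings, the structural characters { } ;, or bare words.
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')

def ssl_servers_without_cert(files):
    """files maps name -> config text, each included inside http {}.
    Returns (file, server_name) for each 'listen ... ssl' server with no certificate in scope."""
    http_cert, servers = False, []
    for path, text in files.items():
        stack, stmt = [], []
        # Full-line comments are dropped before tokenising.
        for tok in TOKEN.findall(re.sub(r'(?m)^\s*#.*$', '', text)):
            if tok == '{':
                stack.append(stmt[0] if stmt else '')
                if stack[-1] == 'server':
                    servers.append({'path': path, 'name': '?', 'ssl': False, 'cert': False})
                stmt = []
            elif tok == '}':
                stack.pop()
                stmt = []
            elif tok == ';':
                ctx = stack[-1] if stack else 'http'  # file top level sits in http {}
                if stmt and ctx == 'http' and stmt[0] == 'ssl_certificate':
                    http_cert = True
                elif stmt and ctx == 'server':
                    srv = servers[-1]
                    if stmt[0] == 'listen' and 'ssl' in stmt[1:]:
                        srv['ssl'] = True
                    elif stmt[0] == 'server_name' and len(stmt) > 1:
                        srv['name'] = stmt[1]
                    elif stmt[0] == 'ssl_certificate':
                        srv['cert'] = True
                stmt = []
            else:
                stmt.append(tok)
    # http-level certificates apply to every server, whatever the file order.
    return [(s['path'], s['name']) for s in servers
            if s['ssl'] and not (s['cert'] or http_cert)]

# Constructed sample: the two files from the report, reduced to the relevant directives.
AS_COM = """server { listen 443 ssl; server_name example.com;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  location / { try_files $uri $uri/ /index.html; } }"""
AR_COM = """server { listen 80; server_name sub.example.com; }
server { listen 443 ssl; server_name sub.example.com; root /;
  location / { try_files $uri $uri/ /index.html; } }"""
FILES = {"ar.com": AR_COM, "as.com": AS_COM}

if __name__ == "__main__":
    print(ssl_servers_without_cert(FILES))
```

Running it on the sample flags only the 443 server in ar.com, and reversing the file order gives the same result.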
